This selection is intended to include all important
and all user-visible changes.
For a complete record of all changes, please see the "source-changes"
mailing list, called "OpenBSD CVS"
in the archives,
or use CVS.

Loosened a kernel check in response to routing message address bits being set without corresponding socket addresses. This was keeping broken ports from working, so this change will act as a temporary workaround until bugs can be found and corrected.

Fixed hack(6) to write savegames and score files to the current directory instead of /var.

Altered audio(4) to try to start playback automatically as soon as there is enough data. Useful to quickly test and debug low level drivers with simple shell commands.

Stopped incorrectly advertising MCE/MCA support in vmm(4). This fixes a Linux guest VM boot problem on Ryzen machines. Stopped advertising support for SSBD and related speculative exec control features on AMD.

Changed the way bgpd(8) peers are reloaded by moving the struct peer into bgpd_config. Now parent and session engines are merging the lists.

Modified the autopartitioner in disklabel(8) to grow the minimum size for /usr to 1300M, allowing for the 920M currently used by the minimum amd64 sets plus additional space for upgrades and relinking of libraries and kernels.

Added the ability to openrsync(1) to combine rsync:// and -e by splitting rsync_socket() into rsync_connect(), which establishes a TCP connection to the remote daemon, and rsync_socket(), which runs the actual protocol.

In vmm(4), use sgdt/sidt to reset the GDT/IDT limits after exiting the guest VM on VMX, preventing a default limit set too high on exit.

Modified adjtime(2) to set EINVAL if delta overflows 64 bits of microseconds to be consistent with practices elsewhere.

Introduced a new rwlock, tc_lock, which allows adjfreq(2) and the kern.timecounter.hardware sysctl(2) to read/write the active timecounter pointer and the .tc_adj_freq member of the active timecounter safely. This prevents torn read/writes when dropping KERNEL_LOCK and ensures the active timecounter doesn't change during an adjfreq(2) call.

Changed the parsing of dhclient.conf(5) 'prepend' statements to 'supersede' and 'append' to 'default' when the option data cannot be prepended or appended to. A parsing warning will be issued to allow users to adjust their configuration files.

Began to ensure that outer ICMP packet destination IP and inner protocol packet source IP addresses match in ICMP and ICMP6 packets with pf(4), to prevent passage of nonsensical packets.
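
The address consistency rule described above, modelled for IPv4 as an added example (this is not pf(4) code). The function names, the list of ICMP error types and the sample packet builder are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Offsets within an IPv4 header (RFC 791) and the fixed ICMP header size. */
enum { IP_PROTO = 9, IP_SRC = 12, IP_DST = 16, IP_MIN = 20, ICMP_HDR = 8 };

/* Validate an IPv4 header at p; return its length in bytes, 0 if malformed. */
static size_t ip4_hlen(const uint8_t *p, size_t len)
{
    size_t hl;

    if (len < IP_MIN || (p[0] >> 4) != 4)
        return 0;
    hl = (size_t)(p[0] & 0x0f) * 4;
    return (hl >= IP_MIN && hl <= len) ? hl : 0;
}

/*
 *  1: outer destination equals the quoted (inner) source, packet is plausible.
 *  0: the addresses disagree, the nonsensical case a filter should drop.
 * -1: truncated, malformed, or not an ICMP error that quotes a packet.
 */
int icmp_error_addrs_match(const uint8_t *pkt, size_t len)
{
    size_t ohl = ip4_hlen(pkt, len), off;
    uint8_t type;

    if (ohl == 0 || pkt[IP_PROTO] != 1 || len < ohl + ICMP_HDR)
        return -1;
    type = pkt[ohl];
    /* Assumed set of error types that quote the offending packet (RFC 792). */
    if (type != 3 && type != 4 && type != 5 && type != 11 && type != 12)
        return -1;
    off = ohl + ICMP_HDR;
    if (ip4_hlen(pkt + off, len - off) == 0)
        return -1;
    return memcmp(pkt + IP_DST, pkt + off + IP_SRC, 4) == 0;
}

/* Constructed sample: 20-byte outer IP + ICMP type 3 + quoted 20-byte IP. */
size_t build_sample(uint8_t *buf, const uint8_t odst[4], const uint8_t isrc[4])
{
    memset(buf, 0, 48);
    buf[0] = 0x45; buf[IP_PROTO] = 1;            /* outer: IPv4, ICMP */
    memcpy(buf + IP_DST, odst, 4);
    buf[20] = 3;                                 /* destination unreachable */
    buf[28] = 0x45; buf[28 + IP_PROTO] = 17;     /* quoted packet: IPv4, UDP */
    memcpy(buf + 28 + IP_SRC, isrc, 4);
    return 48;
}
```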

Corrected a bug in mandoc(1) where an empty final line of input could lead to a buffer overflow.

Merged Mesa 18.3.5.

Addressed an issue with uaudio(4) where a busy system could cause audio playback to cease when a status of USBD_IOERROR led to erroring out early in uaudio_pdata_intr().

Extended the #[] style syntax to allow status lines in tmux(1) to extend up to five lines in height, configurable with a single option. Added the 'align' option for alignment within the status line array, entries in tree mode and pane status lines; 'list' for the window list and 'range' to configure ranges of text for mouse bindings.

Edited vmctl(8) to allow an existing VM to be started by referencing its ID.

Added kubsan(4), an undefined behavior sanitizer for the kernel, which will print findings about undefined behavior at runtime to the system console. This is limited to architectures using clang(1) as their default compiler and is not enabled by default.

Made changes to rasops(9) to correct font filtering. Invoking the -l option of wsfontload(8) will now allow display of all currently loaded fonts.

Added format variables for default tmux(1) variables in various modes. Added a -a display-message flag to list variables with values.

Changed tset(1) and ttys(5) to use hardware tabs as the default since almost all terminals now support them.

Added a new driver for USB Audio Class v2.0 devices to uaudio(4). The new driver maps audio blocks to USB transfers allowing precise synchronization and better reliability. This replaces the current one for USB Audio Class v1.0 devices.

Added copy_output() and underrun() methods to audio(4) to support drivers using bounce buffers (e.g. uaudio(4)).

Changed acpithinkpad(4) to default to the ACPI method and fallback to the CMOS method if the ACPI method fails. This makes screen backlight changes work for the x260. Unmasked the microphone mute event which is needed on the x260.

Updated Spleen kernel fonts to the latest released version.

Updated the error message that disklabel(8) displays for the interactive 'n' command to show that -F or -f is required.

Fixed booting on 486s without cpuid by returning early in microcode loading if cpuid is not available.

Improved cleanup of the configuration on shutdown of bgpd(8). This helps to detect memory leaks.

Improved portability of OpenSSH by moving checks for lists of users or groups into their own functions.

Modified sshd(8) to reset last-seen time when sending a keepalive. This prevents premature termination of a connection when ClientAliveCount=1.

Fixed parsing of rules using "once" in pfctl(8). 'match once' and 'anchor "a" once' had been erroneously allowed.

Unmasked keyboard brightness and screen brightness events in acpithinkpad(4). This keeps wscons(4) keyboard.backlight in sync and allows reaction to screen brightness keys. On newer ThinkPads, made thinkpad_brightness{up,down} use the ACPI method for adjusting screen brightness. This fixes screen brightness on the x270, x280, t470s, t470p, x1c6 and potentially additional models.

Modified ixl(4) to ignore rx interrupts before the interface is running. This prevents a crash in cases where the PXE rom has left rx interrupts pending.

Changed Mesa build to include LLVM support on amd64 and i386 now that libelf and a shared libLLVM are included in base. This will allow building of the radeonsi Mesa driver, adding accelerated support for radeon parts built on the Graphics Core Next (GCN) architecture.

Increased UFS dirhash memory slightly to increase directory performance now that very tiny machines are less common.

The install*.fs and install*.iso files increased in size due to clang library changes.

Built and installed llvm includes, llvm-config and a shared libLLVM, required to build the radeonsi Mesa driver.

Applied a background initialization progress fix from mfii(4) to mfi(4).

Combined queue drops with errors as fails when showing interface stats in netstat(1). To view queue drops or errors alone, use -d or -e respectively.

Exposed interface queue drops in the interface view of sysstat(1). Queue drops and errors may be viewed with the use of 'd' and 'e' respectively, or as a combined statistic, using 'f'.

Added support for RFC 6455 Websockets connection upgrade to relayd(8).

Increased accessibility for mandoc(1) through the addition of HTML sectioning elements.

Fixed bgpd(8) leak of non-dynamic objects on configuration reload when adding an already-present network to the list of announcements.

Improved handling of HT protection for 'mode 11n' hostap and switched to use of CTS-to-self frames rather than RTS/CTS for HT protection. Corrected ieee80211(9) misclassification of certain devices as 11a/g which led to unnecessary use of HT protection.

Added new mmap(2) flag MAP_CONCEAL. Memory under MAP_CONCEAL is not written to the disk in the event of a core dump.

Ensured actions will not be carried out in cwm(1) using the last group when the requested one is not found.

Fixed bug where IPv6 fragments with malformed extension headers could be erroneously passed by or cause a panic in pf(4).

Set TLS handshakes to automatically complete as part of read/write calls to prevent attempts to read data that does not exist.

Added mpip(4), an IP tunnel interface for "IP Layer 2" over MPLS pseudowires. This can be used to quickly set up an IP tunnel over an MPLS fabric without the need to configure bgpd(8) and mpe(4) interfaces.

Modified iwm(4) to use CTS-to-self for HT protection if requested by the AP, rather than always using RTS.

Disabled RTS threshold by default for ieee80211(9). This has been replaced by a heuristic in 11n and is not clearly preferable in many situations. RTS will continue to be used for certain drivers and when 11g protection is enabled by the AP when 11b clients are around.

Implemented support for dynamic RTS threshold in MiRA, improving throughput and latency on 11n networks.

Introduced safe memory reclamation (SMR), a mechanism for reclaiming shared objects that readers can access without locking. This provides a basis for read-copy-update operations. SMR-protected objects are not destroyed while readers are using them, and a callback may be scheduled with the use of smr_call(9) as an alternative to waiting.

Increased the built-in certificate validity for simple configurations in ikectl(8) from 365 to 4500 days, preventing the need to install new CA certificates on all client machines. Default validity for server certificates remains at 1 year.

Added bgpd(8) support for '*', local-as and neighbor-as for ext-community matching. If local-as/neighbor-as is used as an expansion of AS number then bgpd will default to the 4-byte AS type to encode the community.

Improved support for nmea(4) devices, providing altitude and ground speed values as sensors.

Added an scp(1) client check for whether filenames sent during remote -> local directory copies satisfy the user-specified wildcard, and a -T flag to disable this check in cases where it rejects wanted files.
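
A simplified model of that client-side check, as an added example (this is not OpenSSH code). The function names are hypothetical, the `strict` parameter stands in for the absence of -T, and matching is done with plain fnmatch(3) on the last component of the requested path.

```c
#include <fnmatch.h>
#include <string.h>

/* Last path component of the pattern the user typed on the command line. */
static const char *last_component(const char *path)
{
    const char *slash = strrchr(path, '/');

    return slash != NULL ? slash + 1 : path;
}

/*
 * Decide whether a filename announced by the remote side may be written
 * locally. strict = 0 models the -T flag (pattern check disabled).
 * Returns 1 to accept, 0 to reject.
 */
int accept_offered_name(const char *requested, const char *offered, int strict)
{
    /* A name must be one component: never a path, never "." or "..". */
    if (*offered == '\0' || strchr(offered, '/') != NULL ||
        strcmp(offered, ".") == 0 || strcmp(offered, "..") == 0)
        return 0;
    if (!strict)
        return 1;
    /* The server may only send names the user's wildcard actually covers. */
    return fnmatch(last_component(requested), offered, 0) == 0;
}
```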

Made ssh-keyscan(1) return a non-zero exit status if it finds no keys.

Set ssh(1) to accept the host key fingerprint as a synonym for "yes" when accepting an unknown host key, allowing pasting of fingerprints obtained through other means to have the client perform the comparison for you.

Forced progressmeter to update at the beginning and end of a transfer, fixing a bug where it wouldn't display on quick scp(1)/sftp(1) transfers.

Enabled manual validity checking for constraints in the X.509 certificate in ntpd(8). This should prevent failure of automatic validity checking based on incorrect system time, allowing use of the HTTP header's report of server time.

AMD64 machines will now support 2TB of physical memory, extendable in the future.

Added support for a "lsetstat@openssh.com" extension. This replicates the functionality of the existing SSH2_FXP_SETSTAT operation but does not follow symlinks.

Updated syspatch(8) to exit correctly after updating itself. Improved readability of patches to install on first boot.

For external LSAs the type (1 or 2) is encoded in the metric field. Fixed a problem where ospfd(8) and ospf6d(8) overwrite this information when "depend on" is used and the specified interface is down.

Made bgpd(8) check to see if a control socket or address is in use before using it. If it is in use then abort startup or let a reload fail. Stopped sockets from being unlinked during a normal shutdown.

Changed vmd(8) so that when netbooting a vm using the "-B net" option vmd sets the hostname in the DHCP lease to the name of the vm. This makes for easier use of dedicated autoinstall response files for different vms.

Made sure that when bgpd(8) is converting a netmask to prefixlen that it never returns a value bigger than 128.

Implemented a simple bgpd(8) ruleset optimizer that merges filter rules that differ only by filter sets.

Added a new "-B device" argument to vmctl(8) start to allow setting of the boot device. It allows kicking off an OpenBSD autoinstall by using 'vmctl start "installer" -Lc -B net -b bsd.rd -d disk.img'.

Made it possible to define the bootdevice in vmd(8). If VMBOOTDEV_NET is used the internal dhcp server will pass "auto_install" as the boot file to the client and the boot loader will pass the MAC address of the first interface to the kernel to indicate PXE booting.

Implemented a time-based method for tracking motion states of touches in wscons(4).

Deleted the malloc_usable_size() function, which exposed some of the internal workings of malloc(3) and can be replaced by allocation.

Initialized cached last sequence numbers for received packets to invalid values rather than dropping the first packet received from each AP in each QoS class, which would affect the first packet of the WPA2 4-way handshake on certain APs and could lead to connection delay or failure.

Fixed the case in ksh(1) where the recursion detection isn't reset when the command is interrupted.

Applied unveil(2) to boot images specified by the -o option in makefs(8). Added exiting with an error status when writing a CD image fails.

Added support for txprio settings on interfaces with ifconfig(8). This adds a txprio argument with a setting which can be changed to 'payload', 'packet' or a number between 0 and 7.

Modified dhclient(8) to restart when an SSID change is noted in RTM_80211INFO, ensuring that the correct lease is discovered or renewed and the lease file is properly updated.

Added the new routing socket message RTM_80211INFO to provide details of 802.11 interface state changes and added support to route(8).

Added a mechanism for managing asynchronous IO signal registrations.

Set the hardmtu on ethernet encapsulated interfaces so the MTU can be raised above 1500.

Limited the number of interface units to the number of device minors, preventing the creation of tap(4) and tun(4) devices which can't be opened from userland because of the limit on the number of dev_t minor numbers.

Removed ethers(5) YP support from libc, allowing more effective use of pledge(2) in some programs.

Modified nc(1) to report to stderr in verbose mode when the listen system call has finished, allowing writing of race-free scripts as server status can be checked.

Cleaned up and simplified the ssl(8) handshake transcript code, providing a more readable API with code that uses a BUF_MEM instead of a BIO.

Fixed a case where if a server asked the client for a certificate that doesn't exist, a handshake transcript would be left behind in ssl(8).

Changed the default listen port for switchd(8) from 6633 to 6653, the IANA standardized OpenFlow port. When a listen port is not specified in switchd.conf(5), it will be randomized.

Used the original client border width to adjust initial placement of clients containing {P,US}Position requests where they are explicitly set to 'ignore' in cwmrc. This prevents unintentional client offset in cwm(1).

Fixed a problem associated with keeping default ribs alive and Adj-RIB-In/Out in bgpd(8). The RIB will only be recreated if the FIB distribution flags changed or the rtableid changed and there is a FIB.

Fixed an error in tmux(1) by ensuring that a non-repeating key used when repeating is treated as an entirely new key press.

Tested TLS interoperability between LibreSSL and OpenSSL by implementing a simple SSL client and server in C, then creating four binaries by linking them with LibreSSL or OpenSSL to test API compatibility.

Defined TLS_CA_CERT_FILE rather than having every application create their own define for /etc/ssl/cert.pem.

Corrected unzooming and redrawing of panes in switch-client for tmux(1).